Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

HTTPS unable login (Urgent) Thanks! (Solved, please take a look)

edited February 2009 in Vanilla 1.0 Help
Dear pros, please help me newbie, my problem is: I rewrite http to https by these codes: { RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} } everything works fine, however when i tried to login, I'll loop in the login page(/people.php), and never get logon. after i click submit, i'll be redirected to people.php and every field will be cleared again. please give me some suggestion on how to solve it . Thanks!

Comments

  • Options
    edited February 2009
    Try Vanilla 1.1.6-rc1. There is a fix related to SSL. It might help:
    http://vanilla-friends.googlecode.com/files/vanilla-1.1.6-rc1.zip
    I remember the change now, and I don't think it will help.

    You should check the response using a proxy like http header live (an addon for firefox)
  • Options
    http://localhost/forum/people.php POST /forum/people.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: PHPSESSID=lbcb3gmlqjq83gcb9di3t4rqg5 Content-Type: application/x-www-form-urlencoded Content-Length: 127 ReturnUrl=http%253A%252F%252Flocalhost%252Fforum% 252F&PostBackAction=SignIn&Username=admin&Password=MyPassword&btnSignIn=Proceed HTTP/1.x 302 Found Date: Sat, 07 Feb 2009 03:05:29 GMT Server: Apache/2.2.11 (Win32) mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.8 Location: https://localhost/forum/people.php Content-Length: 218 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 ---------------------------------------------------------- https://localhost/forum/people.php GET /forum/people.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: PHPSESSID=lbcb3gmlqjq83gcb9di3t4rqg5 HTTP/1.x 200 OK Date: Sat, 07 Feb 2009 03:05:30 GMT Server: Apache/2.2.11 (Win32) mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.8 X-Powered-By: Lussumo Vanilla 1.1.6-rc1 Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Sat, 07 Feb 2009 03:05:30 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 1916 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8
  • Options
    edited February 2009
    This is the Generator list POST /forum/people.php ReturnUrl=http%253A%252F%252Flocalhost%252Fforum%252F&PostBackAction=SignIn&Username=admin&Password=MyPassword&btnSignIn=Proceed please help me work it out , Thanks!
  • Options
    Thanks Dinoboff, vanilla 1.1.6 solved the problem. Version: vanilla 1.1.6-rc1 (tried with vanilla 1.1.5a without success) this is my httpd-conf rewrite statement RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} "appg/settings.php" $Configuration['HTTP_METHOD'] = 'https'; "conf/settings.php" $Configuration['BASE_URL'] = 'https://localhost/forum/'; $Configuration['FORWARD_VALIDATED_USER_URL'] = 'https://localhost/forum/';
  • Options
    Well I was pessimistic, 1.1.6-rc1 did solved it. One of the fix make sure that session cookies are set with the ssl option. Shouln't the cookie set without the ssl option be accessible to but ssl and non-ssl page?

    About 1.1.6-rc1 it is a very stable version; 1.1.6 is not yet out because I waiting for one more feature to be completed.
Sign In or Register to comment.